QwikClock is an employee time tracking app.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

required.php 6.1KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226
  1. <?php
  2. /**
  3. * This file contains global settings and utility functions.
  4. */
  5. ob_start(); // allow sending headers after content
  6. // Unicode, solves almost all stupid encoding problems
  7. header('Content-Type: text/html; charset=utf-8');
  8. // l33t $ecurity h4x
  9. header('X-Content-Type-Options: nosniff');
  10. header('X-XSS-Protection: 1; mode=block');
  11. header('X-Powered-By: Late-night coding frenzies (plz send caffeine, thx)');
  12. $session_length = 60 * 60; // 1 hour
  13. session_set_cookie_params($session_length, "/", null, false, true);
  14. session_start(); // stick some cookies in it
  15. //
  16. // Composer
  17. require __DIR__ . '/vendor/autoload.php';
  18. // Settings file
  19. require __DIR__ . '/settings.php';
  20. // List of alert messages
  21. require __DIR__ . '/lang/messages.php';
  22. // text strings (i18n)
  23. require __DIR__ . '/lang/' . LANGUAGE . ".php";
  24. /**
  25. * Kill off the running process and spit out an error message
  26. * @param string $error error message
  27. */
  28. function sendError($error) {
  29. die("<!DOCTYPE html><html><head><title>Error</title></head><body><h1 style='color: red; font-family: sans-serif; font-size:100%;'>" . htmlspecialchars($error) . "</h1></body></html>");
  30. }
  31. date_default_timezone_set(TIMEZONE);
  32. // Database settings
  33. // Also inits database and stuff
  34. use Medoo\Medoo;
  35. $database;
  36. try {
  37. $database = new Medoo([
  38. 'database_type' => DB_TYPE,
  39. 'database_name' => DB_NAME,
  40. 'server' => DB_SERVER,
  41. 'username' => DB_USER,
  42. 'password' => DB_PASS,
  43. 'charset' => DB_CHARSET
  44. ]);
  45. } catch (Exception $ex) {
  46. //header('HTTP/1.1 500 Internal Server Error');
  47. sendError("Database error. Try again later. $ex");
  48. }
  49. if (!DEBUG) {
  50. error_reporting(0);
  51. } else {
  52. error_reporting(E_ALL);
  53. ini_set('display_errors', 'On');
  54. }
  55. $VARS;
  56. if ($_SERVER['REQUEST_METHOD'] === 'POST') {
  57. $VARS = $_POST;
  58. define("GET", false);
  59. } else {
  60. $VARS = $_GET;
  61. define("GET", true);
  62. }
  63. /**
  64. * Checks if a string or whatever is empty.
  65. * @param $str The thingy to check
  66. * @return boolean True if it's empty or whatever.
  67. */
  68. function is_empty($str) {
  69. return (is_null($str) || !isset($str) || $str == '');
  70. }
  71. /**
  72. * I18N string getter. If the key doesn't exist, outputs the key itself.
  73. * @param string $key I18N string key
  74. * @param boolean $echo whether to echo the result or return it (default echo)
  75. */
  76. function lang($key, $echo = true) {
  77. if (array_key_exists($key, STRINGS)) {
  78. $str = STRINGS[$key];
  79. } else {
  80. $str = $key;
  81. }
  82. if ($echo) {
  83. echo $str;
  84. } else {
  85. return $str;
  86. }
  87. }
  88. /**
  89. * I18N string getter (with builder). If the key doesn't exist, outputs the key itself.
  90. * @param string $key I18N string key
  91. * @param array $replace key-value array of replacements.
  92. * If the string value is "hello {abc}" and you give ["abc" => "123"], the
  93. * result will be "hello 123".
  94. * @param boolean $echo whether to echo the result or return it (default echo)
  95. */
  96. function lang2($key, $replace, $echo = true) {
  97. if (array_key_exists($key, STRINGS)) {
  98. $str = STRINGS[$key];
  99. } else {
  100. $str = $key;
  101. }
  102. foreach ($replace as $find => $repl) {
  103. $str = str_replace("{" . $find . "}", $repl, $str);
  104. }
  105. if ($echo) {
  106. echo $str;
  107. } else {
  108. return $str;
  109. }
  110. }
  111. /**
  112. * Checks if an email address is valid.
  113. * @param string $email Email to check
  114. * @return boolean True if email passes validation, else false.
  115. */
  116. function isValidEmail($email) {
  117. return filter_var($email, FILTER_VALIDATE_EMAIL);
  118. }
  119. /**
  120. * Hashes the given plaintext password
  121. * @param String $password
  122. * @return String the hash, using bcrypt
  123. */
  124. function encryptPassword($password) {
  125. return password_hash($password, PASSWORD_BCRYPT);
  126. }
  127. /**
  128. * Securely verify a password and its hash
  129. * @param String $password
  130. * @param String $hash the hash to compare to
  131. * @return boolean True if password OK, else false
  132. */
  133. function comparePassword($password, $hash) {
  134. return password_verify($password, $hash);
  135. }
  136. function dieifnotloggedin() {
  137. if ($_SESSION['loggedin'] != true) {
  138. sendError("Session expired. Please log out and log in again.");
  139. }
  140. }
  141. /**
  142. * Check if the previous database action had a problem.
  143. * @param array $specials int=>string array with special response messages for SQL errors
  144. */
  145. function checkDBError($specials = []) {
  146. global $database;
  147. $errors = $database->error();
  148. if (!is_null($errors[1])) {
  149. foreach ($specials as $code => $text) {
  150. if ($errors[1] == $code) {
  151. sendError($text);
  152. }
  153. }
  154. sendError("A database error occurred:<br /><code>" . $errors[2] . "</code>");
  155. }
  156. }
  157. /*
  158. * http://stackoverflow.com/a/20075147/2534036
  159. */
  160. if (!function_exists('base_url')) {
  161. function base_url($atRoot = FALSE, $atCore = FALSE, $parse = FALSE) {
  162. if (isset($_SERVER['HTTP_HOST'])) {
  163. $http = isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off' ? 'https' : 'http';
  164. $hostname = $_SERVER['HTTP_HOST'];
  165. $dir = str_replace(basename($_SERVER['SCRIPT_NAME']), '', $_SERVER['SCRIPT_NAME']);
  166. $core = preg_split('@/@', str_replace($_SERVER['DOCUMENT_ROOT'], '', realpath(dirname(__FILE__))), NULL, PREG_SPLIT_NO_EMPTY);
  167. $core = $core[0];
  168. $tmplt = $atRoot ? ($atCore ? "%s://%s/%s/" : "%s://%s/") : ($atCore ? "%s://%s/%s/" : "%s://%s%s");
  169. $end = $atRoot ? ($atCore ? $core : $hostname) : ($atCore ? $core : $dir);
  170. $base_url = sprintf($tmplt, $http, $hostname, $end);
  171. } else
  172. $base_url = 'http://localhost/';
  173. if ($parse) {
  174. $base_url = parse_url($base_url);
  175. if (isset($base_url['path']))
  176. if ($base_url['path'] == '/')
  177. $base_url['path'] = '';
  178. }
  179. return $base_url;
  180. }
  181. }
  182. function redirectToPageId($id, $args, $dontdie) {
  183. header('Location: ' . URL . '?id=' . $id . $args);
  184. if (is_null($dontdie)) {
  185. die("Please go to " . URL . '?id=' . $id . $args);
  186. }
  187. }
  188. function redirectIfNotLoggedIn() {
  189. if ($_SESSION['loggedin'] !== TRUE) {
  190. header('Location: ' . URL . '/login.php');
  191. die();
  192. }
  193. }